Bit Form – WordPress Form Builder Plugin

_mikebee_
Feb 17, 2026

Q: Is the plugin safe?

I received an alert from my security plugin saying that the plugin has a high vulnerability: WordPress Bit Form plugin <= 2.21.10 - SQL Injection vulnerability.
It is also removed from the WordPress directory.
When will there be an update?

Founder Team
Abdul_Kaioum

Feb 17, 2026

A: WordPress sent us some requirements to meet their guidelines; that’s why the free version is temporarily not available in the WordPress repository.

We have already provided the requested items. We hope the free version will be live again on the WordPress repository soon.

If it takes a long time, we will inform our users.

Currently, you can download the plugin from here: https://bit-form.com/
You can install, test and use it. There is no issue.

IMPORTANT Note: these guidelines are not related to any bug or security issues.

They are related to how our support team handled some tickets in the WordPress repository, for which they need clarification.


Verified purchaser

I don't know if "trust me" is good enough. I too received the alert today. Do I trust the developers or a specialised security product? (rhetorical question). AppSumo - where are you in all this?

We have submitted the patched version on February 14 for this vulnerability.
Patchstack follows a standard disclosure policy where they allow a one-week review window after a vulnerability is reported. If the patched version is not reviewed and approved within that timeframe, the vulnerability may still be published in their database as part of their disclosure process.

At this moment, our patched version has not yet been approved. If there is further delay in their approval process, we will proceed by releasing the patched version directly through our own subscription system and WordPress SVN to ensure all users have immediate access to the secure update.

Our patch has been approved by Patchstack and the vulnerability has been resolved.

The user asked about the exploit issue, not WP requirements.
This is taken from Patchstack's database: Risks - CVSS 7.6 - SQL Injection: This could allow a malicious actor to directly interact with your database, including but not limited to stealing information. This security issue has a low severity impact and is unlikely to be exploited. Is the issue with Free or also Pro?

Hi, we have already addressed the exploit issue. Patchstack has not approved our patched version yet, and we have already released the patched version in our system.

Our patch has been approved by Patchstack and the vulnerability has been resolved.